TUCoPS :: Web :: Blogs :: tb11681.htm

Geoblog v1 administrator bypass
Geoblog v1 administrator bypass
Geoblog v1 administrator bypass


Geoblog v1.

A vulnerability exists in geoblog version 1 (latest) that  allows users to delete other peoples comments without administration  credentials. It works on blogs too. Users can delete blogs without user  credentials. 

The reason why is because the listcomments.php and deletecomments.php  files fail to include checks for authenticity. 

The following proof of concept is as follows:

www.example.com/blog/admin/listcomment.php?id=16 

The ID being the blog ID obtained from the index. Using this we can go  here...

http://www.truegirlonline.net/blog/admin/deletecomment.php?id=16 
And delete comments without any admin sosay. 

And the blog deletion. 

http://www.example.net/blog/admin/deleteblog.php?id=15 

The fix presently would be to add checks for authenticity like the other  files.
if($_SESSION['login'] != "user_valid_and_logged_in") {
header("Location: ../index.php");
}

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH